EP1276062A1 - Method of providing user-specific data to an information source, a data carrier and a method of personalising a user's Internet experience - Google Patents


Info

Publication number
EP1276062A1
Authority
EP
European Patent Office
Prior art keywords
data
key
user
information source
information
Legal status (as listed by Google Patents; not a legal conclusion)
Withdrawn
Application number
EP01410087A
Other languages
German (de)
English (en)
Inventor
Dominique Vicard
Gavin Brebner
Current Assignee (as listed by Google Patents)
HP Inc
Original Assignee
Hewlett Packard Co
Priority date
2001-07-12
Filing date
2001-07-12
Publication date
2003-01-15
Events
2001-07-12 Application filed by Hewlett Packard Co
2001-07-12 Priority to EP01410087A (EP1276062A1)
2002-07-12 Priority claimed by US10/194,974 (US20030012384A1)
2003-01-15 Publication of EP1276062A1
2006-10-24 Application deemed to be withdrawn (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising

Definitions

  • This invention relates to a method of providing user-specific data to an information source, to a data carrier and to a method of personalising a user's Internet experience.
  • the invention relates to methods and apparatus for use in profiling (i.e. tailoring) on-line services such as the provision of web content, in accordance with data that is peculiar to the user concerned.
  • Such methods and apparatus are known in themselves and commonly employ cookies and the like to inform information sources such as web servers of a range of user-specific data, so that the service supplied to the user may be tailored in accordance with that user's personal preferences.
  • Systems and devices are used in this area to personalise web pages so that, for example, advertisers may target users with on-line advertisements which are likely to be of interest to the user concerned.
  • automated personalisation of this type can be beneficial from the user's perspective, in that repeated on-line form filling, otherwise required to inform a service provider of the user's particular interests, is avoided.
  • a method of providing user-specific data to an information source to enable the information to be obtained in accordance with the user-specific data, the data being conveyed in encrypted form and wherein the data key used to provide the information source with unencrypted data is obtained using a broker.
  • access to the data key may be restricted in accordance, for example, with user commands, and/or preferences.
  • the encrypted data is conveyed using the broker.
  • the broker forwards the data to the information source without disclosing the origin of the data.
  • the broker (which may be a proxy server, for example) may record the origin of the data, mark the data in a corresponding manner, and forward the thus-marked data to the information source.
  • this mark (which may comprise a digital code)
  • the broker upon receipt of the information from the information source, may identify the intended recipient of the information and return it to the user, as appropriate.
  • the data key may be symmetric and may be deposited with the broker in encrypted form. Preferably, the data key is generated randomly.
  • the data key may be encrypted using a private exchange key, and the data key may be decrypted using a public exchange key, conveyed with the data.
  • the information may be encrypted prior to being returned to a user.
  • the information preferably is encrypted using a symmetric information key.
  • the information key preferably is randomly generated.
  • the information key may be encrypted using the or an additional public exchange key, and may be decrypted using the or an additional private exchange key.
  • the encrypted data and the public exchange key may be conveyed in or using a carrier.
  • the carrier preferably is a software agent, and conveniently may interact with the information source to divulge user-specific data in response to queries from or on behalf of the information source.
  • the interaction (which may be effected using an Application Program Interface) enables user-specific information to be provided upon request, but does not allow free, unregulated access to all the user-specific data.
  • the arrangement allows the information source to elicit information peculiar to its requirements, thus enabling the information obtained from the source to be tailored in accordance with certain facets of the user-specific data, without disclosing excess or inappropriate data to the information source.
  • the data may comprise a plurality of data sets, wherein each set can only be decrypted with a set-specific data key.
  • the broker transmits the data key to the agent in response to a request from the agent, the request including a source identifier whereby the identity of the information source may be established.
  • the broker logs or otherwise records each such request.
  • this logging step provides a still further layer of security, as the user may review the request logs on demand, whereby an indication may be obtained of which entities (i.e. which information sources) have accessed the user-specific data using the data key.
  • the broker logs or records the requests in accordance with each thus-identified information source: in this way, the number of requests dispatched by or on behalf of a particular information source may be monitored.
  • the broker is authorised to transmit the data key for a limited period only, after which key requests will not be complied with.
  • a data key may be rendered inoperative subsequent to the unencrypted data being divulged.
  • the data key may be rendered inoperative by the agent, by destroying, overwriting or otherwise corrupting the data key.
  • the agent is operative to carry out an integrity check prior to being conveyed to the broker.
  • the integrity check may comprise generating an agent digest and comparing the digest with a trusted control digest, which control digest may be held by a certification authority.
  • the digest may be passed to the certification authority in encrypted form, and preferably is encrypted using a private integrity key.
  • the digest may be decrypted by the certification authority using a public integrity key.
  • a method of providing user-specific data to an information source to enable the information to be obtained in accordance with the user-specific data, the data being conveyed in encrypted form and wherein the data key used to provide the information source with unencrypted data is released by a key source only when the key source is appropriately authorised to do so.
  • the key source may be operative to release the data key in response to predetermined request criteria such as the location/identity of the requestor, the time at which the request is made and/or the number of previous occasions upon which a requestor has made the same or a similar request.
  • a data carrier for use in providing encrypted user-specific data to an information source to enable the information to be obtained in accordance with the user-specific data
  • the carrier comprising a module operative, in response to queries dispatched by or on behalf of the information source, to divulge unencrypted user-specific data to or for use by the information source.
  • the carrier is a software agent, with the module conveniently being provided by an Application Program Interface.
  • the module may be operative to obtain, from a third party, a data key, whereby the unencrypted data may be divulged to the information source.
  • the data carrier may be as described in one or more of the preceding paragraphs.
  • a method of providing user-specific data to an information source to enable the information to be obtained in accordance with the user-specific data the data being conveyed in encrypted form in or using a carrier, the carrier comprising a module which, in response to queries dispatched by or on behalf of the information source, divulges unencrypted user-specific data to or for use by the information source.
  • the invention, in its fourth aspect, may comprise one or more of the features described in relation to the first three aspects of the present invention.
  • a method of personalising a user's Internet experience comprising conveying, with or in conjunction with a web page request, a carrier comprising user-specific data in encrypted form, the carrier comprising a module operative, in response to queries dispatched by or on behalf of the web page content provider, to divulge unencrypted user-specific data whereby the page returned may be tailored in accordance with the user-specific data.
  • the carrier is conveyed via a broker, the broker being operative to forward the carrier to an appropriate web server without disclosing, to the server, the origin of the data.
  • the carrier is a software agent, with the module being provided by an Application Program Interface.
  • the invention, in its fifth aspect, may comprise one or more of the features described in relation to the first four aspects.
  • a method of providing user-specific data to an information source to enable the information to be obtained in accordance with the user-specific data, the data being conveyed in encrypted form, the data key used to provide the information source with unencrypted data being obtained using a broker and wherein the data key is conveyed using a carrier in the form of a software agent.
  • use of the present invention relies upon a software agent 10 written using a mobile code such as Java which, at least initially, is provided on a user's workstation 11 or on a non-volatile data storage medium (not shown) readable by the workstation 11.
  • user-specific data is transferred to the agent, with the transfer encompassing a symmetric encryption step using a randomly generated data key 12.
  • This key is generated, in generally conventional manner, for a symmetric cipher such as triple DES or AES (Advanced Encryption Standard), with the key length selected to ensure a high degree of data confidentiality. (The application lists 56, 128 or 256 bits; 56 bits is the single-DES key length and is not adequate, triple DES uses 112- or 168-bit keys, and AES uses 128, 192 or 256 bits.)
  • the amount - and type - of data (which is shown in encrypted form at 13) that is transferred to the agent 10 will depend upon the type of service/information that the user wishes to access.
  • the data transferred to the agent 10 may include details of the user's qualifications, age, experience, current salary and salary expectations.
  • the data may include details of the user's preferred sports and the format and frequency with which the user wishes to be notified of certain events or occurrences.
  • "excess" data may be transferred to the agent, in that some of the data transferred may not in fact be used by the target service. This, however, does not cause any privacy problems, as the agent is configured to release data to a target service only in response to certain queries.
  • the data includes a pointer (such as a redirect command) that causes any data flow between the user and a target service (information source) 14 to be channelled through a broker 15.
  • the broker 15, which may be provided by a proxy web server, thus constitutes an electronic "stepping stone" and acts to receive and forward data from and to the user's workstation and the information source 14.
  • the agent carries out an integrity check by generating, using the agent code, an agent code digest, using an appropriate digest algorithm.
  • the digest 16 is then encrypted with a user private key 17 (in present-day terms, signed), and the encrypted digest 18 is then sent to a trusted certification authority 19 for verification.
  • the certification authority which, in generally conventional manner, has previously been provided with a copy of the user's public key 20, decrypts the encrypted digest 18 and compares the unencrypted digest 16 with a control digest 21 located in an appropriate data store under the control of the certification authority. This, as will be appreciated, has two effects. The first is that successful decryption of the encrypted digest 18 confirms the origin of the encrypted digest 18, as the user's private key 17 was used to effect the encryption.
  • had any other key been used, the certification authority would not be able to decrypt the encrypted digest using the user's public key 20.
  • the second is that comparison of the decrypted digest with the control digest enables the certification authority to confirm that the agent code has not been tampered with, altered or otherwise corrupted in any way.
  • the agent 10 which also carries an exchange public key 22 in a key store 23, is sent from the workstation 11 towards the information source 14, via the broker 15.
  • the broker 15, in forwarding the agent towards the information source 14, is operative to hide or disguise the origin of the agent 10, so that even in the event that the user-specific data passes to an unauthorised entity, the data cannot be tied to the individual, network or workstation from which it originated.
  • the broker 15 is also supplied, by the workstation 11, with an encrypted form of the data key 12.
  • the data key 12 is encrypted using an exchange private key 24, obtained from a user's key store 25.
  • the encrypted data key 26 is then held by the broker 15 until the broker receives a key request from the agent 10, as described in more detail hereafter.
  • When the information source receives the agent, the agent is loaded and activated, which then allows it to release certain parts of the user-specific data in response to queries generated by the information source 14.
  • the information source queries the agent 10 by asking specific questions that can be answered using the user-specific data.
  • the agent asks the broker 15 to supply it with the encrypted data key 26, to enable a relevant part of the user-specific data to be accessed.
  • the encrypted data key 26, encrypted using the exchange private key 24, is decrypted using the exchange public key 22 contained within the agent's key store 23. (Decrypting with the public half of a key pair is the signature-verification operation, which anyone holding that public key can perform; the confidentiality of the data key 12 therefore rests on the exchange public key 22 being held only in the agent's key store 23 and never being published, the opposite of how a public key is normally treated.)
  • Using the thus-decrypted data key 12, user-specific data relating to the particular query can be unlocked from the encrypted data store 28, and is passed to the information source via the broker 15. Subsequently, the agent renders the data key inoperative, such as by destroying, overwriting or otherwise corrupting the key, to ensure that the key does not remain available in unencrypted form for any longer than is absolutely necessary.
  • the broker 15 logs each occasion on which the encrypted data key 26 is requested by the agent, and records the nature of the unencrypted data that is passed from the agent to the information source 14.
  • a user can check what types of user-specific data are being accessed by a given information source, which can be used to verify that the user-specific data is contained securely within the agent 10.
  • if, for example, the log shows that a sports news service has obtained from the agent 10 user-specific data concerning a user's income, dietary habits or marital status, this may indicate that the data key 12 is no longer safely encrypted and that a security breach has occurred.
  • the information source 14 supplies the agent 10 with an information payload 28 encrypted using a randomly generated DES payload key 29, with the encrypted information 28 being stored within a payload container 30 provided in the agent 10.
  • a copy of the payload key is also passed to the agent.
  • the agent 10 encrypts the payload key 29 (using the exchange public key 22 it carries, or an additional public exchange key, the corresponding private exchange key being held at the workstation), and the agent 10 - with its loaded payload container 30 - is then returned to the user via the broker 15.
  • at the workstation 11, the encrypted payload key 31 is decrypted using the exchange private key 24, with the thus-decrypted payload key 29 then being used by the workstation 11 to decrypt the information payload 28.
  • the invention allows user-specific data to be used to tailor information received from an information source in a highly secure manner.
  • this is achieved by the use of the broker 15, which removes or disguises the origin of the agent supplied by the workstation 11 over (for example) an Internet platform.
  • although the broker 15 receives limited parts of the user-specific data from the agent and forwards these to the information source 14, the broker does not have unrestricted access to the unencrypted user-specific data, as it does not hold an unencrypted form of the data key 12.
  • although the broker can receive an encrypted information payload from the agent and forward this to the workstation 11, the broker does not have unrestricted access to the information source 14, and cannot decrypt the encrypted information payload 28 as it does not itself have access to the exchange private key 24.
  • the target service (information source) 14 has no direct access to any of the user-specific data, as it too has no access to the data key 12, and is only able to obtain the encrypted data key 26 from the broker 15 when the broker is appropriately authorised to release it.
  • the data log maintained by the broker 15 can be used to inform a user when and by whom (or by what) the user's data has been accessed. Should this reveal that a particular information source appears to be using the agent 10 inappropriately (by asking questions that do not relate to the core activities of the information source), access to the encrypted data key 26 may be refused by the broker 15, if so instructed by the user.
  • the invention provides, in particular, a highly secure and efficient method by which a user's Internet (e.g. web browsing) experience may be personalised, in that a requested web page can be tailored in accordance with the user's particular interests or preferences, without the user having to disclose unencrypted personal data as has hitherto often been required.
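
The agent integrity check described above (a digest of the agent code, "encrypted" with the user's private key and compared by the certification authority against a control digest), worked through as an added Go example; this is not code from the application or from HP. It substitutes Ed25519 signing for the private-key encryption of the text and SHA-256 for the unspecified digest algorithm; the user name "alice", the `CertificationAuthority` type and the sample agent code are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Attestation is what the agent sends the certification authority before it is conveyed
// to the broker: the digest of its own code, signed under the user's private key. The
// application describes this as "encrypting the digest with the private key"; with a
// modern primitive that operation is a signature (Ed25519 here, an assumption).
type Attestation struct {
	Digest    []byte
	Signature []byte
}

// Attest computes the agent code digest and signs it with the user's private key.
func Attest(agentCode []byte, userPriv ed25519.PrivateKey) Attestation {
	d := sha256.Sum256(agentCode)
	return Attestation{Digest: d[:], Signature: ed25519.Sign(userPriv, d[:])}
}

// CertificationAuthority holds each registered user's public key and the control
// digest of the one agent build it trusts.
type CertificationAuthority struct {
	userKeys map[string]ed25519.PublicKey
	control  []byte
}

func NewCA(trustedAgentCode []byte) *CertificationAuthority {
	d := sha256.Sum256(trustedAgentCode)
	return &CertificationAuthority{userKeys: map[string]ed25519.PublicKey{}, control: d[:]}
}

func (ca *CertificationAuthority) Register(user string, pub ed25519.PublicKey) {
	ca.userKeys[user] = pub
}

// Verify performs the two checks the application describes: origin (the signature
// verifies under the key registered for this user) and integrity (the digest equals
// the control digest). It reports which check failed.
func (ca *CertificationAuthority) Verify(user string, a Attestation) error {
	pub, ok := ca.userKeys[user]
	if !ok {
		return fmt.Errorf("no public key registered for %q", user)
	}
	if !ed25519.Verify(pub, a.Digest, a.Signature) {
		return fmt.Errorf("origin check failed: signature does not verify under the key of %q", user)
	}
	if subtle.ConstantTimeCompare(a.Digest, ca.control) != 1 {
		return fmt.Errorf("integrity check failed: agent digest differs from the control digest")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	trusted := []byte("agent v1 (constructed stand-in for the mobile code)")
	ca := NewCA(trusted)
	ca.Register("alice", pub)
	fmt.Println("genuine agent:", ca.Verify("alice", Attest(trusted, priv)))
	fmt.Println("tampered agent:", ca.Verify("alice", Attest([]byte("agent v1 + backdoor"), priv)))
}
```

The signature proves who presented the digest and the comparison proves the digest value matches the trusted build, but neither proves that the value was computed over the code that will actually run: an agent that measures itself and still holds the user's private key can simply sign the control digest. The digest should therefore be computed by the workstation runtime (or the certification authority) over the code about to be dispatched, not by the agent.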

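The key-release and query flow described in the summary and the detailed embodiment above (the agent carries the user data as separately encrypted sets, the broker holds each data key only in encrypted form and releases it under policy for a limited period, the agent decrypts one set per query and then destroys the key, and the broker logs every request so the user can review and cut off a source), worked through as an added Go example; this is not code from the application or from HP. Assumptions: AES-256-GCM stands in for the triple DES/AES encryption of the text, and each data key is wrapped under a symmetric exchange key held only by the agent rather than under the private/public exchange key pair the text describes; the source name sportsnews.example, the data-set names and the profile values are constructed; the integrity check and the encrypted return payload are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys in this example are always 32 bytes, so this is a programming error
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES, whose block size is 16 bytes
	return gcm
}

// seal returns nonce || AES-256-GCM ciphertext; the label is bound as associated data
// so a blob sealed for one data set (or one wrapped key) cannot be replayed as another.
func seal(key []byte, label string, plaintext []byte) []byte {
	nonce := randomBytes(12)
	return aead(key).Seal(nonce, nonce, plaintext, []byte(label))
}

func open(key []byte, label string, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("no ciphertext for %q", label)
	}
	return aead(key).Open(nil, blob[:12], blob[12:], []byte(label))
}

// Broker holds each data key only wrapped under the agent's exchange key, so it can
// forward keys and answers without being able to read either.
type Broker struct {
	Wrapped map[string][]byte
	Allowed map[string]map[string]bool // source -> data sets the user lets it query
	Expires time.Time                  // keys are released for a limited period only
	Log     []string                   // every request, granted or not, for the user to review
}

// RequestKey applies the release policy and logs the request whether or not it succeeds.
func (b *Broker) RequestKey(source, name string, now time.Time) ([]byte, error) {
	var err error
	switch {
	case now.After(b.Expires):
		err = fmt.Errorf("release window closed")
	case !b.Allowed[source][name]: // also true once the user has deleted the source
		err = fmt.Errorf("%s is not permitted to query %q", source, name)
	}
	b.Log = append(b.Log, fmt.Sprintf("%s asked for %q: granted=%t", source, name, err == nil))
	if err != nil {
		return nil, err
	}
	return b.Wrapped[name], nil
}

type Agent struct {
	ExchangeKey []byte          // unwraps the data keys; never leaves the agent
	Sets        map[string][]byte // data-set name -> sealed user data
}

// Answer discloses one data set: fetch its wrapped key, unwrap it, decrypt that set
// only, and zero the plaintext key before returning.
func (a *Agent) Answer(b *Broker, source, name string, now time.Time) (string, error) {
	wrapped, err := b.RequestKey(source, name, now)
	if err != nil {
		return "", err
	}
	key, err := open(a.ExchangeKey, "key:"+name, wrapped)
	if err != nil {
		return "", err
	}
	plaintext, err := open(key, name, a.Sets[name])
	for i := range key {
		key[i] = 0 // render the data key inoperative as soon as it has been used
	}
	return string(plaintext), err
}

// NewScenario loads a constructed sample profile into an agent and sets a broker
// policy under which a sports news site may query only the "sports" set.
func NewScenario(now time.Time) (*Agent, *Broker) {
	agent := &Agent{ExchangeKey: randomBytes(32), Sets: map[string][]byte{}}
	broker := &Broker{Wrapped: map[string][]byte{}, Expires: now.Add(time.Hour),
		Allowed: map[string]map[string]bool{"sportsnews.example": {"sports": true}}}
	for name, value := range map[string]string{"sports": "football, cycling", "salary": "42000 EUR"} {
		k := randomBytes(32)
		agent.Sets[name] = seal(k, name, []byte(value))
		broker.Wrapped[name] = seal(agent.ExchangeKey, "key:"+name, k)
	}
	return agent, broker
}
```

With this setup a query for "sports" from sportsnews.example is answered, a query for "salary" is refused and still appears in `broker.Log` as a denied request, any query after `Expires` is refused, and once the user has reviewed the log and removed the source from `Allowed` (the text's "refuse the key if so instructed by the user") every further request is refused. Because the broker only ever sees wrapped keys and sealed sets, compromising it yields neither the profile nor the keys; the wrapped key is bound to its data-set name, so a key wrapped for one set cannot be offered as the key for another.
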
Landscapes

  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Finance (AREA)
  • Economics (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP01410087A EP1276062A1 (fr) 2001-07-12 2001-07-12 Method of providing user-specific data to an information source, a data carrier and a method of personalising a user's Internet experience
US10/194,974 US20030012384A1 (en) 2001-07-12 2002-07-12 Method of providing user-specific data to an information source, a data carrier and a method of personalising a user's Internet experience

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP01410087A EP1276062A1 (fr) 2001-07-12 2001-07-12 Method of providing user-specific data to an information source, a data carrier and a method of personalising a user's Internet experience

Publications (1)

Publication Number Publication Date
EP1276062A1 (fr) 2003-01-15

Family

ID=8183104

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01410087A Withdrawn EP1276062A1 (fr) 2001-07-12 2001-07-12 Method of providing user-specific data to an information source, a data carrier and a method of personalising a user's Internet experience

Country Status (2)

Country Link
US (1) US20030012384A1 (fr)
EP (1) EP1276062A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8842175B2 (en) 2004-03-26 2014-09-23 Broadcom Corporation Anticipatory video signal reception and processing
US8656506B2 (en) * 2007-06-28 2014-02-18 Microsoft Corporation Rights enforcement of unencrypted content

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4500750A (en) * 1981-12-30 1985-02-19 International Business Machines Corporation Cryptographic application for interbank verification
US5748735A (en) * 1994-07-18 1998-05-05 Bell Atlantic Network Services, Inc. Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography
AU3415595A (en) * 1994-10-04 1996-04-26 Banctec, Inc. An object-oriented computer environment and related method
US5812666A (en) * 1995-03-31 1998-09-22 Pitney Bowes Inc. Cryptographic key management and validation system
ES2174050T3 (es) * 1996-01-12 2002-11-01 Ibm Anonymous and secure exchange of information in a network.
US6076078A (en) * 1996-02-14 2000-06-13 Carnegie Mellon University Anonymous certified delivery
US5903729A (en) * 1996-09-23 1999-05-11 Motorola, Inc. Method, system, and article of manufacture for navigating to a resource in an electronic network
GB2318486B (en) * 1996-10-16 2001-03-28 Ibm Data communications system
US6002946A (en) * 1997-04-14 1999-12-14 Motorola, Inc. Handheld device having an optical data reader
US6266704B1 (en) * 1997-05-30 2001-07-24 The United States Of America As Represented By The Secretary Of The Navy Onion routing network for securely moving data through communication networks
US6490620B1 (en) * 1997-09-26 2002-12-03 Worldcom, Inc. Integrated proxy interface for web based broadband telecommunications management
US6108644A (en) * 1998-02-19 2000-08-22 At&T Corp. System and method for electronic transactions
US6112992A (en) * 1998-06-17 2000-09-05 Motorola, Inc. Optical code reader and methods and articles therefor
US6131813A (en) * 1998-06-04 2000-10-17 Motorola, Inc. Optical code reader and methods and articles therefor
US6260760B1 (en) * 1998-06-17 2001-07-17 Motorola, Inc. Optical code reader including circuitry for processing the symbology
US6643684B1 (en) * 1998-10-08 2003-11-04 International Business Machines Corporation Sender-specified delivery customization
US6430688B1 (en) * 1998-12-22 2002-08-06 International Business Machines Corporation Architecture for web-based on-line-off-line digital certificate authority
US6496931B1 (en) * 1998-12-31 2002-12-17 Lucent Technologies Inc. Anonymous web site user information communication method
US6418325B1 (en) * 1999-07-12 2002-07-09 Motorola, Inc. Handheld device having an optical data reader

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
No Search *

Also Published As

Publication number Publication date
US20030012384A1 (en) 2003-01-16

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20030711

AKX Designation fees paid

Designated state(s): DE FR GB

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20061024